This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

PBF with ECMP Issue

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PBF with ECMP Issue

DennyChanditya
L3 Networker

‎05-20-2022 08:48 AM

Hello, i have question about PBF Using ECMP.

We have 3 ISP and using ECMP Setting with weight round robin and Symetric Return Settings

ISP A > 200

ISP B > 100

ISP C > 50

 

NAT we set like this

All  User > ISP A

 

Using PBF for some IP Segment

Segment A to ISP A

Segment B to ISP B

Segment C to ISP C

 

But we have some problem link below : 

When we check the traffic monitor, we can see that IP Segment A is still Going to ISP B and ISP C

When we disable ECMP, setting the ISP metric in virtual routing to 10,20,30, the Globalprotect only up for ISP that have a low metric.

For some reason, some users can't access/maybe have a slower access to specific website.

Security policy for now we set to Allow All.

 

Is there any solution to avoid IP Segment A going to ISP B and C using this ECMP Method?

0 Likes Likes
2 REPLIES 2

reaper
Cyber Elite
Cyber Elite

‎06-09-2022 02:09 AM

I may be missing the point, but why do you enable ECMP if you only set NAT for ISP A and then set PBF policies to send traffic to a certain ISP?

 

i bet you're running into some sort of conflict where ECMP is bouncing users off to ISP B+C (because you defined ECMP)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

DennyChanditya
L3 Networker
In response to reaper

‎06-12-2022 07:54 PM

For first deployment we was setting to ECMP because they want to utilize all the WAN Links, after few weeks our user had a problem with routing,so we check the routing and see if any problem but we don't find that.

 

So we use the NAT and PBF to specify some segment to specific WAN link, and let the other segment use the ECMP Configuration. I Check another threat in palo/others vendors, i think this is the behaviour the ECMP configuration, balancing the traffic, even we specify the link and when the link is higher than the other, the configuration is balancing the link.

0 Likes Likes
  • 9651 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks